• Post Reply Bookmark Topic Watch Topic
  • New Topic

could not log in (JSP code)  RSS feed

Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My task is generate random user id and password for user to log in my web site.
Below are the data that inserted into database.
es_usr_id </t> es_password
A1001 </t> MWKBSP
A1002 </t> MWKBSP
A1003 </t> MWKBSP
A1012 </t> KSOKFN
A1013 </t> KSOKFN
A308 </t> VIJOWC
A309 </t> VIJOWC
A400 </t> VIJOWC
The problem is i can log in using A1001, A1012 and A308 only. The rest user id and password got error and i can't log in with that. How can i log in using all the user id and password that have been generated?
I unclude part of my coding:
<form name="form1" method="post" action="admin.jsp">
<% usr_nme = request.getParameter("empname");
passwrd = request.getParameter("pw");
boolean check_user = true;
boolean check_pass = true;
String sql_1 = "SELECT * FROM esaccs "+
"WHERE es_iden <> 'P' AND (es_iden <> 'O' OR es_iden <> 'T') ";
Statement stmt_1 = conn.createStatement();
ResultSet rset_1 = stmt_1.executeQuery(sql_1);
while (rset_1.next()) {
acc_no = rset_1.getString("es_access_no");
usr_id = rset_1.getString("es_usr_id");
passwd = rset_1.getString("es_password");
status = rset_1.getString("es_sts");
identi = rset_1.getString("es_iden");
session.setAttribute("iden", identi);
if ((!usr_nme.equals(usr_id))) {
check_user = false;
} else {
check_user = true;
if (!passwrd.equals(passwd)) {
check_pass = false;
} else {
check_pass = true;
if (check_user==true && check_pass==true) {
if (!check_user && check_pass) { %>
<center><h2>Invalid Login Name!</h2>
<% } else if (!check_pass && check_user) { %>
<center><h2>Invalid Password!</h2>
<% } else if (!check_user && !check_pass) { %>
<center><h2>Invalid Login Name and Password!</h2>
<% } else {
session.setAttribute("access_no", acc_no);
session.setAttribute("user_name", usr_nme);
session.setAttribute("password", passwrd);
boolean chk = false;
String sql = "SELECT * FROM fcrsdt "+
"WHERE fs_access_no = '"+String.valueOf(session.getAttribute("access_no"))+"' ";
Statement stmt = conn.createStatement();
ResultSet rset = stmt.executeQuery(sql);
while(rset.next()) {
session.setAttribute("fs_lot_no", rset.getString("fs_lot_no"));
session.setAttribute("fs_access_no", rset.getString("fs_access_no"));
session.setAttribute("fs_name", rset.getString("fs_name"));
session.setAttribute("fs_proj_cde", rset.getString("fs_proj_cde"));
session.setAttribute("fs_phase_num", rset.getString("fs_phase_num"));
chk = true;
if (chk == false) {
String sql_2 = "SELECT fp_seq_no, fp_name FROM fcpubl "+
"WHERE fp_seq_no = '"+String.valueOf(session.getAttribute("access_no"))+"' ";
Statement stmt_2 = conn.createStatement();
ResultSet rset_2 = stmt_2.executeQuery(sql_2);
while (rset_2.next()) {
int seqno;
seqno = rset_2.getInt("fp_seq_no");
String sequenceno="";
session.setAttribute("fp_name", rset_2.getString("fp_name"));
if (check_user && check_pass && (identi.equals("O") || identi.equals("T") || identi.equals("P"))) {%>
<h3> </h3>
<META HTTP-EQUIV="refresh" CONTENT="3; URL=admin.jsp">
<h3 align="center"><font color="#000099">Invalid Login!</font></h3>
<h3 align="center"><font color="#000099">You are not administrator, you have no authority to login.</font></h3>
<% } else if (check_user && check_pass && identi.equals("A")) {
} %>
Ranch Hand
Posts: 399
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A couple of thoughts about this. You say you get an error; what is the message? Is it an invalid user? password? both? You have explicit checks for all three cases, so the error message will indicate what is not matching. You might want to put some debug (System.out.println) statments to make sure you're getting all of the value you think you should be getting from the database. If you have leading or trailing spaces on the values in the database, or in the values on the form, it could cause it to fail. It should be fairly easy to see what is happening and why the other values are failing.
When you post code like this, if you put it inside CODE tags the formatting will be preserved and the code will be easier to read. You could edit your original post and put them in.
I don't see where you are closing your ResultSet and Statement objects. Although this probably wouldn't cause the problem you're seeing, you MUST explicitly close the ResultSet and Statement objects after you are done with them. And that's best accomplished inside of the "finally" section of a "try/catch/finally" block.

Of course you want to handle closing the connection in a similar manner.
Don't get me started about those stupid light bulbs.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!